Italy-based surveillance malware vendor Hacking Team in May this year declined a request from the Kenya government to deface or bring down the KahawaTungu blog, according to new emails released by whistleblower site WikiLeaks.
The leaked emails, according to WikiLeaks, are part of “more than 1 million searchable emails from the Italian surveillance malware vendor Hacking Team, which first came under international scrutiny after WikiLeaks publication of the SpyFiles and which show the inner workings of the controversial global surveillance industry”.
The emails state that the partner/broker/consultancy that contacted Hacking Team on behalf of the government is Chris Kinyanjui of Com21, who is acting on behalf of Eric Mwangi of the Cyber security Department at the Office of the President.
“Dear Chris, thanks for your introduction. Dear Mr. Eric Mwangi, firstly nice to meet you. I would like to ask you, before to proceed to sharing the confidential information, to sign the Non-Disclosure Agreement as in attached. After it, I can send you our solution description, please feel free to contact me for any information you may need. Best regards,” writes Emad Shehata, Hacking Team’s Key Account Manager in charge of Kenya in an email sent on October 29, 2014.
“Dear Emad, Thank you very much for sending me the material on your solution. I herein this mail copy Eric Mwangi who works with the National Intelligence Agency in Kenya particularly in the department that requires your solution. I make this introduction for you to contact him,” states Chris Kinyanjui in response to Shehata’s email the same day.
The ‘solution’ referred to above by Mr Kinyanjui is Hacking Team’s Remote Control System (RCS), which is designed to evade encryption by means of an agent installed directly on the device to be monitored.
After this, communication between the parties seems to have gone silent for some months before resuming in early May this year.
“Dear Emad, Hope this email finds you well. We have seen your proposal on the Galileo product and all looks great and would wish to move forward. Meanwhile, there is a quick task we have for you: 1) There is a website we would wish you urgently bring down, either by defacement or by making it completely inaccessible. The website url is http://www.kahawatungu.com. If you can bring this site down, it would serve as a great proof of concept for your capabilities and also provide a means of immediate engagement. Please let me know if this is possible, and how soon you can have it done. Best regards, Support team,” states an email sent by the National Intelligence Agency to Hacking Team and copied to OP’s Eric Mwangi and Com21’s Chris Kinyanjui on May 6 this year.
However, in response to the National Intelligence Agency’s request to bring down KahawaTungu blog as proof of concept, Daniele Milan, Hacking Team’s Operations Manager says that they “don’t want to be involved with this” as the url and website in question “highlights corruption and other wrongdoings in the Kenya government.”
“Emad, the person who wrote us is from a private communication company in Kenya that sells pay TV services, and the url they asked us to tear down is a news website that is highlighting corruption and other wrongdoings in the Kenya government. I don’t think we want to be involved with this… ,” wrote Daniele Milan in an email sent on May 7, 2015.
KahawaTungu blog is associated with blogger Robert Alai though he publicly declined to state in a previous edition of the #JKLive show whether he’s its publisher.
But even though Hacking Team may have declined to deface or bring down KahawaTungu as requested by the Kenya government, it appears the National Intelligence Agency will manage to procure (or has already procured) the RCS solution from the same firm as the two parties seem to have already signed the necessary documentation including the Non-Disclosure Agreement (NDA) which was delaying the whole process.
The RCS allows the client to secretly collect data from the most common desktop operating systems – such as Windows OS and Linux – and can also monitor all modern smartphones, whether Android OS, Blackberry or Windows Phone. Once a target is infected, the client can access all the information, including Skype calls, Facebook, Twitter, WhatsApp, Line and Viber among others.
As part of its Customer Policy, however, Hacking Team states that it “reviews potential customers before a sale to determine whether or not there is objective evidence or credible concerns that Hacking Team technology provided to the customer will be used to facilitate human rights violations.” It adds that it will “refuse to provide or we will stop supporting our technologies to governments or government agencies that it believes have used HT technology to facilitate gross human rights abuses; who refuse to agree to or comply with provisions in contracts that describe intended use of HT software, or who refuse to sign contracts that include requirements that HT software be used lawfully as well as those who refuse to accept auditing features built into HT software that allow administrators to monitor how the system is being used.”
Last week, NPR reported that Hacking Team suffered a breach after hackers broke into its systems, “downloading hundreds of gigabytes of data and throwing it all on the open Internet.”
In a release sent out on Wednesday, July 8, Hacking Team acknowledged that its own “investigation had determined that sufficient code was released to permit anyone to deploy the (RCS) software against any target of their choice.”
“Before the attack, HackingTeam could control who had access to the technology which was sold exclusively to governments and government agencies. Now, because of the work of criminals, that ability to control who uses the technology has been lost. Terrorists, extortionists and others can deploy this technology at will if they have the technical ability to do so. We believe this is an extremely dangerous situation,” stated the release.
Hacking Team is not new to controversy, as several human rights organizations have listed it as “an enemy of the Internet,” with Citizen Lab – which studies surveillance at the Munk School of Global Affairs at the University of Toronto – stating that it has found Hacking Team’s spyware in 21 countries, including Sudan, Egypt, Ethiopia, Turkey and Malaysia, according to NPR.